/**
 * 
 */
package com.monkeyboy.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

import com.monkeyboy.security.authevent.MyAuthenticationFailureHandler;
import com.monkeyboy.security.authevent.MyAuthenticationSuccessHandler;
import com.monkeyboy.security.config.mobile.SmsCodeSecurityConfig;
import com.monkeyboy.security.service.MyUserDetailsService;

/**
 * @Description
 *
 * @author Gavin<br>
 *         2019年8月30日
 */
@Configuration
public class SecurityConfig extends ResourceServerConfigurerAdapter {
	@Autowired
	private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
	@Autowired
	private MyAuthenticationFailureHandler myAuthenticationFailureHandler;
	@Autowired
	private MyUserDetailsService myUserDetailsService;
	@Autowired
	private SmsCodeSecurityConfig smsCodeSecurityConfig;// 导入短信验证码登录的配置

	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.apply(smsCodeSecurityConfig)// 手机验证码登录
				.and().formLogin().loginPage("/authentication/require")// 自定义的一个控制器路径，可控制返回页面还是ajax数据
				.loginProcessingUrl("/authentication/form")// 提交该请求时候springsecurity就会用UsernamePasswordAuthenticationFilter过滤器来处理
				.successHandler(myAuthenticationSuccessHandler)// 使用自定义的成功处理器，以便对ajax数据进行返回
				.failureHandler(myAuthenticationFailureHandler)// 使用自定义的错误处理器
				.and().userDetailsService(myUserDetailsService)//
				.authorizeRequests()// 对下面的请求进行授权配置
					.antMatchers("/authentication/require", "/mylogin.html")
					.permitAll()//
					.antMatchers("/user").hasRole("ADMIN")//只有拥有admin这个角色才可以访问/user这个请求
				.anyRequest().authenticated()//剩下的请求只要登录了就可以访问
				.and().csrf().disable();// 禁用csrf
	}

}
